/*     */ package com.chinapay.secss;
/*     */ 
/*     */ import java.io.FileInputStream;
/*     */ import java.io.IOException;
/*     */ import java.security.KeyStore;
/*     */ import java.security.PrivateKey;
/*     */ import java.security.Provider;
/*     */ import java.security.PublicKey;
/*     */ import java.security.Security;
/*     */ import java.security.cert.CertificateFactory;
/*     */ import java.security.cert.X509Certificate;
/*     */ import java.util.Enumeration;
/*     */ import java.util.Properties;
/*     */ import org.bouncycastle.jce.provider.BouncyCastleProvider;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class CertUtil
/*     */ {
/*     */   private KeyStore keyStore;
/*     */   private X509Certificate verifyCert;
/*     */   private PrivateKey priKey;
/*     */   private PublicKey pubKey;
/*     */   private String signCertId;
/*     */   private SecssConfig secssConfig;
/*     */   
/*     */   public SecssConfig getSecssConfig() {
/*  64 */     return this.secssConfig;
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public static synchronized CertUtil init() throws SecurityException {
/*  74 */     CertUtil certUtil = new CertUtil();
/*  75 */     certUtil.secssConfig = SecssConfig.defaultInit();
/*  76 */     certUtil.initSignCert();
/*  77 */     certUtil.initVerifyCert();
/*     */     
/*  79 */     return certUtil;
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public static synchronized CertUtil init(Properties pros) throws SecurityException {
/*  91 */     CertUtil certUtil = new CertUtil();
/*  92 */     certUtil.secssConfig = SecssConfig.specifyInit(pros);
/*  93 */     certUtil.initSignCert();
/*  94 */     certUtil.initVerifyCert();
/*  95 */     return certUtil;
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public void initSignCert() throws SecurityException {
/*     */     try {
/* 105 */       String signFile = this.secssConfig.getSignFile();
/* 106 */       if (SecssUtil.isEmpty(signFile)) {
/* 107 */         throw new SecurityException(SecssConstants.SIGN_CERT_ERROR);
/*     */       }
/* 109 */       String signFilePwd = this.secssConfig.getSignFilePwd();
/* 110 */       if (SecssUtil.isEmpty(signFilePwd)) {
/* 111 */         throw new SecurityException(SecssConstants.SIGN_CERT_PWD_ERROR);
/*     */       }
/* 113 */       String signCertType = this.secssConfig.getSignCertType();
/* 114 */       if (SecssUtil.isEmpty(signCertType)) {
/* 115 */         throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
/*     */       }
/* 117 */       this.keyStore = getKeyStore(signFile, signFilePwd, signCertType);
/*     */       
/* 119 */       initPriKey();
/* 120 */     } catch (SecurityException e) {
/* 121 */       throw e;
/* 122 */     } catch (Exception e) {
/* 123 */       LogUtil.writeErrorLog("init sign cert error", e);
/* 124 */       throw new SecurityException(SecssConstants.INIT_SIGN_CERT_ERROR);
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public void initVerifyCert() throws SecurityException {
/* 134 */     String verifyFile = this.secssConfig.getVerifyFile();
/* 135 */     if (SecssUtil.isEmpty(verifyFile)) {
/* 136 */       throw new SecurityException(SecssConstants.VERIFY_CERT_ERROR);
/*     */     }
/* 138 */     CertificateFactory cf = null;
/* 139 */     FileInputStream in = null;
/*     */     try {
/* 141 */       cf = CertificateFactory.getInstance("X.509");
/* 142 */       in = new FileInputStream(verifyFile);
/* 143 */       this.verifyCert = (X509Certificate)cf.generateCertificate(in);
/* 144 */       this.pubKey = this.verifyCert.getPublicKey();
/* 145 */       initPubKey();
/* 146 */       if (in != null) {
/*     */         try {
/* 148 */           in.close();
/* 149 */         } catch (IOException iOException) {}
/*     */       
/*     */       }
/*     */     }
/* 153 */     catch (Exception e) {
/* 154 */       LogUtil.writeErrorLog("初始化验签证书异常", e);
/* 155 */       if (in != null) {
/*     */         try {
/* 157 */           in.close();
/* 158 */         } catch (IOException iOException) {}
/*     */       }
/*     */ 
/*     */       
/* 162 */       throw new SecurityException(SecssConstants.INIT_VERIFY_CERT_ERROR);
/*     */     } finally {
/* 164 */       if (in != null) {
/*     */         try {
/* 166 */           in.close();
/* 167 */         } catch (IOException iOException) {}
/*     */       }
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public void reloadSignCert(String certPath, String pass) throws SecurityException {
/*     */     try {
/* 186 */       String signCertType = this.secssConfig.getSignCertType();
/* 187 */       if (SecssUtil.isEmpty(signCertType)) {
/* 188 */         throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
/*     */       }
/* 190 */       this.keyStore = getKeyStore(certPath, pass, signCertType);
/* 191 */     } catch (SecurityException e) {
/* 192 */       throw e;
/* 193 */     } catch (Exception e) {
/* 194 */       throw new SecurityException(SecssConstants.RELOADSC_GOES_WRONG);
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public KeyStore getKeyStore(String signFile, String signFilePwd, String signFileType) throws SecurityException, Exception {
/*     */     try {
/* 214 */       LogUtil.writeLog(String.format("signFile=%s,signFileType=%s", new Object[] {
/* 215 */               signFile, signFileType }));
/* 216 */       KeyStore ks = null;
/* 217 */       if ("JKS".equals(signFileType)) {
/* 218 */         ks = KeyStore.getInstance(signFileType, "SUN");
/* 219 */       } else if ("PKCS12".equals(signFileType)) {
/* 220 */         Security.addProvider((Provider)new BouncyCastleProvider());
/* 221 */         ks = KeyStore.getInstance(signFileType);
/*     */       } else {
/* 223 */         throw new SecurityException(SecssConstants.SIGN_CERT_TYPE_ERROR);
/*     */       } 
/* 225 */       FileInputStream fis = new FileInputStream(signFile);
/* 226 */       char[] nPassword = null;
/* 227 */       nPassword = SecssUtil.isEmpty(signFilePwd) ? null : signFilePwd
/* 228 */         .toCharArray();
/* 229 */       ks.load(fis, nPassword);
/* 230 */       fis.close();
/* 231 */       return ks;
/* 232 */     } catch (SecurityException e) {
/* 233 */       throw e;
/* 234 */     } catch (Exception e) {
/* 235 */       if (e instanceof java.security.KeyStoreException && 
/* 236 */         "PKCS12".equals(signFileType))
/* 237 */         Security.removeProvider("BC"); 
/* 238 */       throw e;
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   protected void initPriKey() throws SecurityException {
/*     */     try {
/* 249 */       Enumeration<String> aliasenum = this.keyStore.aliases();
/* 250 */       String keyAlias = null;
/*     */       
/* 252 */       while (aliasenum.hasMoreElements()) {
/* 253 */         keyAlias = aliasenum.nextElement();
/* 254 */         LogUtil.writeLog(String.format("keyAlias=%s", new Object[] { keyAlias }));
/*     */         
/* 256 */         if (keyAlias.equals(this.secssConfig.getSignFileAlias())) {
/*     */           break;
/*     */         }
/*     */         
/* 260 */         this.priKey = (PrivateKey)this.keyStore.getKey(keyAlias, this.secssConfig
/* 261 */             .getSignFilePwd().toCharArray());
/* 262 */         if (this.priKey != null) {
/*     */           break;
/*     */         }
/*     */       } 
/* 266 */     } catch (Exception e) {
/* 267 */       LogUtil.writeErrorLog("获取私钥异常", e);
/* 268 */       throw new SecurityException(SecssConstants.GET_PRI_KEY_ERROR);
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public String getSignCertId() throws SecurityException {
/*     */     try {
/* 280 */       Enumeration<String> aliasenum = this.keyStore.aliases();
/* 281 */       String keyAlias = null;
/* 282 */       if (aliasenum.hasMoreElements()) {
/* 283 */         keyAlias = aliasenum.nextElement();
/*     */       }
/* 285 */       X509Certificate cert = (X509Certificate)this.keyStore
/* 286 */         .getCertificate(keyAlias);
/* 287 */       this.signCertId = cert.getSerialNumber().toString();
/* 288 */       return this.signCertId;
/* 289 */     } catch (Exception e) {
/* 290 */       LogUtil.writeErrorLog("获取证书编号异常", e);
/* 291 */       throw new SecurityException(SecssConstants.GET_CERT_ID_ERROR);
/*     */     } 
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   protected void initPubKey() {
/* 299 */     this.pubKey = this.verifyCert.getPublicKey();
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public PrivateKey getPriKey() {
/* 308 */     return this.priKey;
/*     */   }
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   
/*     */   public PublicKey getPubKey() {
/* 317 */     return this.pubKey;
/*     */   }
/*     */ }


/* Location:              C:\Users\Administrator\Downloads\jd-gui-windows-1.6.6\jd-gui-windows-1.6.6\chinapay-secure-1.5.1.jar!\com\chinapay\secss\CertUtil.class
 * Java compiler version: 5 (49.0)
 * JD-Core Version:       1.1.3
 */